WIXLIB

Tenable.io and Lieberman RED Integration GuideLast Revised: May 22, 2021

Table of ContentsWelcome to Tenable.io for Lieberman3Integrations4Configure Windows IntegrationShared Accounts59Configure SSH Integration11Configure Database Integration14Enable Database Plugins17Additional Information19Lieberman System20About Tenable21Copyright 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks ofTenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.

Welcome to Tenable.io for LiebermanThis document provides information and steps for integrating Tenable.io with Lieberman.Security administrators know that conducting network vulnerability assessments means gettingaccess to and navigating an ever-changing sea of usernames, passwords, and privileges. By integrating Tenable.io with Lieberman, customers have more choice and flexibility.The benefits of integrating Tenable.io with Lieberman include:lCredentials update directly in Tenable.io, requiring less management.lReduced time and effort documenting where credentials are stored in the organizational environment.lAutomatic enforcement of security policies in specific departments or business unit requirements, simplifying compliance.lReduced risk of unsecured privileged accounts and credentials across the enterprise.Copyright 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks ofTenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.

IntegrationsThe Lieberman system can be configured using either Windows or SSH. Full database support is alsoprovided. Click the corresponding link to view the configuration steps.Windows IntegrationSSH IntegrationDatabase IntegrationCopyright 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks ofTenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.

Configure Windows IntegrationTo integrate with Windows:1. Log in to Tenable.io.2. In the upper-left corner, click thebutton.The left navigation plane appears.3. In the left navigation plane, click Settings.The Settings page appears.4. Click the Credentials widget.The Credentials page appears. The credentials table lists the managed credentials you have permission to view.5. Click thebutton next to the Credentials title.The credential form plane appears.6. In the Host section, click Windows.The selected credential options appear.7. In the Authentication Method drop-down, select Lieberman.The Lieberman options appear.8. Configure the Lieberman credentials.OptionDescriptionRequiredUsernameThe target system’s username.yesDomainThe domain, if the username is part of anodomain.Lieberman hostThe Lieberman IP/DNS address.yesNote: If your Lieberman installation is in aCopyright 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks ofTenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.

OptionDescriptionRequiredsubdirectory, you must include the subdirectory path. For example, type IPaddress or hostname / subdirectory path.Lieberman portThe port on which Lieberman listens.yesLieberman API URLThe URL Tenable.io uses to accessnoLieberman.Lieberman userThe Lieberman explicit user for authen-yesticating to the Lieberman RED API.Lieberman passwordThe password for the Lieberman explicityesuser.Lieberman AuthenticatorThe alias used for the authenticator innoLieberman. The name should match thename used in Lieberman.Note: If you use this option, append adomain to the Lieberman user option,i.e., domain\user.Lieberman Client CertificateThe file that contains the PEM cer-notificate used to communicate with theLieberman host.Note: If you use this option, you do nothave to enter information in the Lieberman user, Lieberman password, andLieberman Authenticator fields.Lieberman Client CertificateThe file that contains the PEM privatePrivate Keykey for the client certificate.Lieberman Client CertificateThe passphrase for the private key, ifPrivate Key Passphraserequired.nonoCopyright 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks ofTenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.

OptionDescriptionRequiredUse SSLIf Lieberman is configured to supportnoSSL through IIS, check for secure communication.Verify SSL CertificateIf Lieberman is configured to supportnoSSL through IIS and you want to validatethe certificate, check this. Refer to custom CA.inc documentation for how touse self-signed certificates.System NameIn the rare case your organization usesnoone default Lieberman entry for all managed systems, enter the default entryname.9. Click Save.10. To verify the integration works, click the Launch button to initiate an on-demand scan.Copyright 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks ofTenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.

11. Once the scan has completed, select the completed scan and look for the corresponding message - Microsoft Windows SMB Log In Possible: 10394. This validates that authentication was successful.Copyright 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks ofTenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.

Shared AccountsYou can use the shared accounts option to manage multiple targets using the same credentials.Before you begin:You must have the following permissions selected in Lieberman:llog inlignore password checkoutlrecover passwordlthe management sets you want the account to have access toTo allow shared accounts in Lieberman:1. Choose an account or import one into the Lieberman password store.2. In the Lieberman UI, specify the credential and enter a name in the System Name field.For this example, we created: user - test-domain/user and machine - sharedcred.Copyright 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks ofTenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.

Note:If you enter a specific machine in the System Name, you can pull back a synced password.Note: The machine in the System Name field uses the same username and password combo for all targets.3. Click Import Account.Copyright 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks ofTenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.

Configure SSH IntegrationTo integrate with SSH:1. Log in to Tenable.io.2. In the upper-left corner, click thebutton.The left navigation plane appears.3. In the left navigation plane, click Settings.The Settings page appears.4. Click the Credentials widget.The Credentials page appears. The credentials table lists the managed credentials you have permission to view.5. Click thebutton next to the Credentials title.The credential form plane appears.6. In the Host section, click Windows.The selected credential options appear.7. In the Authentication Method drop-down, select Lieberman.The Lieberman options appear.8. Configure the Lieberman credentials.OptionDescriptionRequiredUsernameThe target system’s username.yesLieberman hostThe Lieberman IP/DNS address.yesNote: If your Lieberman installation is in a subdirectory,you must include the subdirectory path. For example,type IP address or hostname / subdirectory path.Copyright 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks ofTenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.

OptionDescriptionRequiredLieberman portThe port on which Lieberman listens.yesLieberman APIThe URL Tenable.io uses to access Lieberman.noThe Lieberman explicit user for authenticating to theyesURLLieberman userLieberman RED API.Lieberman pass-The password for the Lieberman explicit user.yesLiebermanThe alias used for the authenticator in Lieberman. ThenoAuthenticatorname should match the name used in Lieberman.wordNote: If you use this option, append a domain to theLieberman user option, i.e., domain\user.Lieberman ClientThe file that contains the PEM certificate used to com-Certificatemunicate with the Lieberman host.noNote: If you use this option, you do not have to enterinformation in the Lieberman user, Lieberman password,and Lieberman Authenticator fields.Lieberman ClientThe file that contains the PEM private key for the cli-Certificate Priv-ent certificate.noate KeyLieberman ClientThe passphrase for the private key, if required.noIf Lieberman is configured to support SSL through IIS,noCertificate Private Key PassphraseUse SSLcheck for secure communication.Verify SSL Cer-If Lieberman is configured to support SSL through IISnoCopyright 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks ofTenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.